glibc vulnerability CVE-2014-7817

Bug #1396471 reported by Pasi Sjöholm on 2014-11-26
This bug affects 1 person
Affects            Status   Importance   Assigned to        Milestone
eglibc (Ubuntu)             Undecided    Unassigned
  Lucid                     Medium       Marc Deslauriers
  Precise                   Medium       Marc Deslauriers
  Trusty                    Medium       Marc Deslauriers
  Utopic                    Undecided    Unassigned
  Vivid                     Undecided    Unassigned
glibc (Ubuntu)              Medium       Adam Conrad
  Lucid                     Undecided    Unassigned
  Precise                   Undecided    Unassigned
  Trusty                    Undecided    Unassigned
  Utopic                    Medium       Marc Deslauriers
  Vivid                     Medium       Adam Conrad
information type: Private Security → Public Security
Changed in eglibc (Ubuntu):
status: New → Confirmed
Changed in eglibc (Ubuntu Lucid):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → Medium
status: New → Confirmed
Changed in eglibc (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → Medium
status: New → Confirmed
Changed in eglibc (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → Medium
status: New → Confirmed
Changed in eglibc (Ubuntu Utopic):
status: New → Invalid
Changed in eglibc (Ubuntu Vivid):
status: Confirmed → Invalid
Changed in glibc (Ubuntu Lucid):
status: New → Invalid
Changed in glibc (Ubuntu Precise):
status: New → Invalid
Changed in glibc (Ubuntu Trusty):
status: New → Invalid
Changed in glibc (Ubuntu Utopic):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → Medium
status: New → Confirmed
Changed in glibc (Ubuntu Vivid):
assignee: nobody → adicarlo (adam)
importance: Undecided → Medium
status: New → Confirmed
assignee: adicarlo (adam) → Adam Conrad (adconrad)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package glibc - 2.19-10ubuntu2.1

---------------
glibc (2.19-10ubuntu2.1) utopic-security; urgency=medium

  * SECURITY UPDATE: denial of service in IBM gconv modules
    - debian/patches/any/cvs-CVE-2014-6040.diff: fix checks in
      iconvdata/ibm*.c.
    - CVE-2014-6040
  * SECURITY UPDATE: arbitrary command execution via wordexp (LP: #1396471)
    - debian/patches/any/CVE-2014-7817.diff: properly handle WRDE_NOCMD in
      posix/wordexp.c, added tests to posix/wordexp-test.c.
    - CVE-2014-7817
 -- Marc Deslauriers <email address hidden> Fri, 28 Nov 2014 10:48:58 -0500

Changed in glibc (Ubuntu Utopic):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package eglibc - 2.11.1-0ubuntu7.19

---------------
eglibc (2.11.1-0ubuntu7.19) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service in IBM gconv modules
    - debian/patches/any/CVE-2012-6656.diff: fix check in
      iconvdata/ibm930.c.
    - debian/patches/any/cvs-CVE-2014-6040.diff: fix checks in
      iconvdata/ibm*.c.
    - CVE-2012-6656
    - CVE-2014-6040
  * SECURITY UPDATE: arbitrary command execution via wordexp (LP: #1396471)
    - debian/patches/any/CVE-2014-7817.diff: properly handle WRDE_NOCMD in
      posix/wordexp.c, added tests to posix/wordexp-test.c.
    - CVE-2014-7817
 -- Marc Deslauriers <email address hidden> Tue, 02 Dec 2014 11:24:33 -0500

Changed in eglibc (Ubuntu Lucid):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package eglibc - 2.19-0ubuntu6.4

---------------
eglibc (2.19-0ubuntu6.4) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service in IBM gconv modules
    - debian/patches/any/cvs-CVE-2014-6040.diff: fix checks in
      iconvdata/ibm*.c.
    - CVE-2014-6040
  * SECURITY UPDATE: arbitrary command execution via wordexp (LP: #1396471)
    - debian/patches/any/CVE-2014-7817.diff: properly handle WRDE_NOCMD in
      posix/wordexp.c, added tests to posix/wordexp-test.c.
    - CVE-2014-7817
 -- Marc Deslauriers <email address hidden> Mon, 01 Dec 2014 12:05:33 -0500

Changed in eglibc (Ubuntu Trusty):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package eglibc - 2.15-0ubuntu10.9

---------------
eglibc (2.15-0ubuntu10.9) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service in IBM gconv modules
    - debian/patches/any/CVE-2012-6656.diff: fix check in
      iconvdata/ibm930.c.
    - debian/patches/any/cvs-CVE-2014-6040.diff: fix checks in
      iconvdata/ibm*.c.
    - CVE-2012-6656
    - CVE-2014-6040
  * SECURITY UPDATE: arbitrary command execution via wordexp (LP: #1396471)
    - debian/patches/any/CVE-2014-7817.diff: properly handle WRDE_NOCMD in
      posix/wordexp.c, added tests to posix/wordexp-test.c.
    - CVE-2014-7817
 -- Marc Deslauriers <email address hidden> Tue, 02 Dec 2014 11:21:12 -0500

Changed in eglibc (Ubuntu Precise):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package glibc - 2.19-13ubuntu3

---------------
glibc (2.19-13ubuntu3) vivid; urgency=medium

  * any/cvs-CVE-2014-7817.diff: Backport fix from trunk for wordexp,
    making it honour the WRDE_NOCMD flag in all cases (LP: #1396471)
  * Update to release/2.19/master, fixing arm64 frame bug in _start.
 -- Adam Conrad <email address hidden> Thu, 04 Dec 2014 16:56:41 -0700

Changed in glibc (Ubuntu Vivid):
status: Confirmed → Fix Released
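
An added example, not part of this bug report or of the glibc/eglibc patches: a small C check that the installed libc's wordexp() rejects command substitution with WRDE_CMDSUB when WRDE_NOCMD is set, the behaviour the changelog entries above say the fix enforces. The helper names and probe strings are constructed for illustration, and the probes cover only the two plain substitution spellings, not the specific case the patch addressed.

```c
#include <stdio.h>
#include <wordexp.h>

/* Hypothetical helper: expand `input` with command substitution forbidden.
 * Returns the word count on success, -1 on any wordexp() error; the raw
 * WRDE_* code is stored in *err when err is non-NULL. */
static int expand_nocmd(const char *input, int *err)
{
    wordexp_t we = {0};
    int rc = wordexp(input, &we, WRDE_NOCMD);

    if (err)
        *err = rc;
    if (rc != 0) {
        /* Only WRDE_NOSPACE can leave a partial result that must be freed. */
        if (rc == WRDE_NOSPACE)
            wordfree(&we);
        return -1;
    }
    int n = (int)we.we_wordc;
    wordfree(&we);
    return n;
}

/* Returns 1 if every constructed probe is rejected with WRDE_CMDSUB. */
static int nocmd_is_enforced(void)
{
    static const char *const probes[] = {
        "$(echo constructed)",
        "`echo constructed`",
        "prefix-$(echo constructed)-suffix",
    };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int err = 0;
        if (expand_nocmd(probes[i], &err) != -1 || err != WRDE_CMDSUB)
            return 0;
    }
    return 1;
}

int main(void)
{
    int err = 0;
    int words = expand_nocmd("alpha beta gamma", &err);
    printf("plain input: %d words (rc=%d)\n", words, err);
    printf("WRDE_NOCMD enforced: %s\n", nocmd_is_enforced() ? "yes" : "no");
    return nocmd_is_enforced() ? 0 : 1;
}
```

A non-zero exit status means at least one probe was not rejected; callers that pass untrusted strings to wordexp() should treat any non-zero return code as a refusal rather than retrying without the flag.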